Dropbox admits recent security breach led to spam attacks

A couple of weeks ago, Dropbox users began to complain about receiving spam in email accounts created exclusively for the service. After investigating the issue, Dropbox confirmed that a small number of accounts were affected by a recent security breach. “Our investigation found that usernames and passwords recently stolen from other websites were used to sign in to a small number of Dropbox accounts,” the company wrote on its website. “We’ve contacted these users and have helped them protect their accounts.”

The cloud storage provider believes that a stolen password was used to access an employee Dropbox account that contained a document with users’ email addresses. While Dropbox itself wasn’t hacked, it is puzzling that employees keep unencrypted lists of user emails in their own accounts. The company revealed that it has “put additional controls in place to help make sure [a breach] doesn’t happen again,” and is “taking steps to improve the safety of your Dropbox even if your password is stolen.”